Privacy Policy

Introduction

This policy describes data handling practices on firejoker-slot.nz. It applies from March 30, 2026. Our site serves as an informational hub run by three data enthusiasts from the Hastings area. We coordinate via a private Discord server and meet Saturdays at the local library. Email us at [email protected] for questions. Site content centers on technical audits of slot game engines. We examine mechanics like random number generation and payout structures without offering play options or bets. This setup keeps things focused on analysis. Visitors read reports on volatility patterns and RTP calculations derived from public data sources. No accounts exist here. Data collection stays minimal to support site operations and basic analytics.

Understanding our approach requires context on operations. Server logs capture visits for performance monitoring. Contact forms receive inquiries directly. Aggregate trends help refine content delivery. Personal identifiers appear only when supplied voluntarily. Compliance follows New Zealand Privacy Act 2020 principles alongside general web standards. International visitors receive same treatment. Policy updates occur as needed with notice on site.

Data Collected Automatically

Servers record standard web metrics upon each visit. IP addresses log for geolocation approximation and security checks. User agent strings reveal browser versions and device types. Timestamps mark session starts and ends. Referred pages indicate traffic sources. Page paths track navigation flows. These elements build usage patterns without targeting individuals. Bandwidth usage notes help manage hosting costs. Error logs flag broken links or load issues. Frequency counters tally repeat visits roughly via IP ranges. No precise user profiling happens. Data pulls from HTTP headers sent by browsers. Proxies or VPNs alter visible details naturally. Our logs rotate weekly to limit storage. Access restricts to team members only.

Examples clarify collection scope. A visit from Chrome on Windows shows as specific agent string alongside IPv4 address. Mobile users appear with touch-enabled indicators. Direct entries differ from Google referrals in log fields. Heatmaps derive from aggregated paths not raw logs. Public release of stats anonymizes everything further. Purpose ties directly to maintenance not marketing.

User-Provided Information

Contact form submissions provide name, email, and message text optionally. We store these for response preparation. No phone numbers requested. Newsletter signups absent entirely. Comment sections nonexistent to avoid moderation overhead. Social shares rely on platform tools without our data capture. File uploads prohibited. Validation checks emails for format only. Spam filters block obvious bots via simple patterns. Submitted data enters a secure database with encryption at rest. Responses send from team addresses manually. Records delete after query resolution unless follow-up requested. Consent implied by form use per NZ law. Withdrawal possible anytime via email request.

Specific cases illustrate handling. Inquiry about Fire joker RTP math receives detailed reply with sources cited. General feedback prompts content adjustments. Abuse reports trigger IP blocks if repeated. All interactions log timestamps for accountability.

Cookies and Similar Technologies

Essential cookies set for session management. These hold no personal data beyond temporary IDs. Analytics cookies from open-source tools track anonymized events. No third-party advertisers embed trackers. Cookie banners inform on first load with opt-out links. Storage limits to 4KB per domain. Expiration sets to 30 days max for non-essentials. Local storage avoids where cookies suffice. Fingerprinting techniques unused deliberately. Consent stored as cookie flag. Refusal degrades to basic functionality only.

Breakdown lists types used. Session cookie 'sid' persists cart-like views if added later. Analytics 'ga-opt' notes consent status. Performance '_pvid' aids caching. Disabling clears future sets but past logs remain unaffected. Browser settings control acceptance globally. Our policy aligns with NZ Unsolicited Electronic Messages Act for any emails. Testing confirms no cross-site scripting risks from cookies.

Techniques expand on implementation. Server-side sessions prefer stateless JWT tokens lately. Client-side prefers httpOnly flags against XSS. Audit trails verify compliance quarterly during library meets.

Uses of Collected Data

Primary use supports site functionality. Logs diagnose slowdowns or outages. Aggregates inform content prioritization. Contact data enables direct communication. Security monitoring detects unusual patterns like DDoS attempts. Improvement cycles base on visit trends. No sales or profiling for ads. Research aggregates feed public reports anonymously. Bandwidth optimization prevents overloads. Compliance reporting satisfies hosting provider audits. Team reviews summarize monthly via Discord.

Operational details fill gaps. High bounce rates on audit pages prompt clearer explanations. Popular referrers guide backlink pursuits. Peak hours shape server scaling. Error rates under 1% trigger code reviews. User agents inform compatibility tests across Safari, Firefox, Edge. Geographic clusters hint at audience but never target.

Sharing and Disclosure

No data sales occur. Service providers access minimized logs for hosting, CDN delivery. Contracts mandate same privacy standards. Law enforcement requests review case-by-case with warrants only. Team members view under NDA equivalents. Aggregates share in blog posts without identifiers. No mergers planned affecting data. Backup providers encrypt transmissions. Audit firms check annually if scaled.

Third parties limited strictly. Cloudflare handles caching with anonymized metrics. Matomo self-hosted for analytics avoids Google. Email service Proton respects privacy. No Facebook pixels or similar. Disclosure logs track any shares.

Data Security Measures

Encryption applies TLS 1.3 site-wide. Database uses AES-256. Access controls via keys rotated bi-monthly. Firewalls block unauthorized ports. Regular vulnerability scans run open-source tools. Backups offsite encrypted. Incident response plan tests yearly. Physical security irrelevant as cloud-based. Monitoring alerts on anomalies 24/7.

Practices evolve with threats. OWASP top ten addressed in code reviews. Two-factor on admin panels. Least privilege principle enforced. Logs audit admin actions. Penetration tests by external ethical hackers every two years. Team training via online modules shared on Discord.

Data Retention and Deletion

Logs purge after 90 days. Contact records after 12 months inactive. Cookies expire per policy. Aggregates indefinite anonymized. Deletion requests process within 30 days. Automated scripts handle routine purges. Confirmation emails sent post-deletion.

Periods match necessity. Security needs short-term logs. Legal holds extend if required. User requests override defaults.

Your Privacy Rights

NZ residents access, correct, delete data via email. Overseas users similar where applicable. GDPR-like rights honored voluntarily. Objection to processing possible. Portability for contacts. Verification via email confirmation. Appeals process starts with team review.

Exercise steps detailed. Send request to [email protected] stating right claimed. ID not required usually. Response within 14 days. Free service. Bulk requests batched.

Laws covered include Privacy Act 2020 principles 6-8 on individual participation.

Children's Privacy

Site targets adults. No child-directed content. Known under-16 contacts delete immediately. Parental consent absent as no collection intended. Reporting mechanisms for concerns.

International Data Transfers

Data stays in NZ/AU data centers mostly. EU transfers use standard clauses if any. Risk assessments annual. No high-risk countries.

Changes to This Policy

Updates post on site with date. Major changes email past contacts. Version history at footer. Review encouraged annually.

Contact Us

Reach [email protected]. Responses weekdays. Postal if needed: c/o Hastings Library, NZ. Discord inquiries via site form only.